An error occurs when you run the ADPREP/FORESTPREP command on a Windows Server 2003-based computer: "An attribute with the same link identifier already exists"

Article translations Article translations
Article ID: 969307 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When you run the ADPREP /FORESTPREP command to extend the forest schema on a Windows Server 2003-based computer, the command fails, and you receive the following error message:
Connecting to "<host name of schema master>"
Logging in as current user using SSPI
Importing directory from file "C:\WINDOWS\system32\sch44.ldf"
Loading entries........
Add error on line 43: Unwilling To Perform
The server side error is "Schema update failed: An attribute with the same link
identifier already exists."
7 entries modified successfully.
An error has occurred in the program
ERROR: Import from file C:\WINDOWS\system32\sch44.ldf failed. Error file is saved in ldif.err.44.
In this case, if you open the ldif.err.44 error file, you see an error that resembles the following message:
Entry DN: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=<forest root domain>
Add error on line 43: Unwilling To Perform 
 
The server side error is "Schema update failed: An attribute with the same link identifier already exists."
 
An error has occurred in the program
Note The error also occurs on other attributes. For example, the error occurs when a schema change assigns a link ID 2046 to the camDBSignonRef object.

CAUSE

This error is caused when the ADPREP /FORESTPREP command tries to add a new object to the schema partition by using a linkID that has already been assigned to an existing object in the schema partition.

RESOLUTION

Important Do not change the linkIDs for existing objects in the schema partition because the behavior can cause Active Directory replication to fail with a schema mismatch.

To resolve this issue, follow these steps:
  1. Identify the conflicting linkID that is being added. The conflicting linkID value can be identified by reviewing the schema definition file in the LDIF.ERR.<Number> file. In this case, you will find CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=<DC name>,DC=com in SCH44.LDF is being assigned a linkID of 2160.
  2. Identify the object in the target schema partition that currently owns the conflicting linkID. You can search the schema on the target schema master to see what existing object was assigned the linkID that conflicts with the object in the Sch<xx>.ldf file. To do this, use the REPADMIN, LDIFDE, LDP.EXE or an equivalent tool. Here are some samples for the tools:
    For REPADMIN search
     
    repadmin /showattr fsmo_schema: ncobj:schema: /filter:"(&(objectclass=*)(linkid=<link ID value>))" /subtree
    
     
    For LDIFDE search:
     
    LDIFDE -f <filename> -d "CN=Schema,CN=Configuration,DC=<forest root domain>" -r (linkID=<link ID value>)
    
     
    For LDP search:
     
    BaseDN: CN=Schema,CN=Configuration,DC=<DC>,DC=com
    Scope : Subtree
    Filter: (&(objectclass=*)(linkid=<link ID value>) 
    
  3. Copy the contents of the ADPREP folder from the Windows Server 2008 source DVD to the hard disk of the computer from which you want to perform the schema update.
  4. Assign new linkIDs to forward link objects in the Sch<xx>.ldf files that conflict with linkIDs of existing objects in the schema partition. If the schema operations master (also known as flexible single master operations or FSMO) roles host on Windows Server 2003 and the domain controller functional level is DS_BEHAVIOR_WIN2003 or a higher level, assign the well-known object identifier (also known as OID) "1.2.840.113556.1.2.50" to the linkID field for all forward link attributes in the SCH<xx>.LDF whose linkIDs conflict with existing objects in the target forest. The "1.2.840.113556.1.2.50" object identifier will assign unique auto-generated linkIDs in the target schema.

    In this case, the linkID 2160 that was previously assigned to CN=ms-PKI-DPAPIMasterKey conflicts with the linkID 2160 that is defined in Sch44.ldf for CN=ms-DS-BridgeHead-Servers-Used. To resolve this issue, follow these steps:
    1. Open the Sch44.ldf file. Then, you see the following text for CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=<DC>:
      dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
      changetype: ntdsSchemaAdd
      adminDescription: List of bridge head servers used by KCC in the previous run.
      adminDisplayName: ms-DS-BridgeHead-Servers-Used
      attributeID: 1.2.840.113556.1.4.2049
      attributeSyntax: 2.5.5.7
      cn: ms-DS-BridgeHead-Servers-Used
      instanceType: 4
      isSingleValued: FALSE
      lDAPDisplayName: msDS-BridgeHeadServersUsed
      linkID: 2160
      objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
      objectClass: attributeSchema
      oMObjectClass:: KoZIhvcUAQEBCw==
      oMSyntax: 127
      schemaFlagsEx: 1
      schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
      searchFlags: 0
      showInAdvancedViewOnly: TRUE
      systemFlags: 25
      
    2. Change the linkID field from "2160" to "1.2.840.113556.1.2.50" to trigger auto-generation of unique linkIDs on Windows Server schema operations masters.
    3. After that, you see the following text in the Sch44.ldf file for CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=<DC>:
      dn: CN=ms-DS-BridgeHead-Servers-Used,CN=Schema,CN=Configuration,DC=X
      changetype: ntdsSchemaAdd
      adminDescription: List of bridge head servers used by KCC in the previous run.
      adminDisplayName: ms-DS-BridgeHead-Servers-Used
      attributeID: 1.2.840.113556.1.4.2049
      attributeSyntax: 2.5.5.7
      cn: ms-DS-BridgeHead-Servers-Used
      instanceType: 4
      isSingleValued: FALSE
      lDAPDisplayName: msDS-BridgeHeadServersUsed
      linkID: 1.2.840.113556.1.2.50
      objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
      objectClass: attributeSchema
      oMObjectClass:: KoZIhvcUAQEBCw==
      oMSyntax: 127
      schemaFlagsEx: 1
      schemaIDGUID:: ZRTtPHF7QSWHgB4epiQ6gg==
      searchFlags: 0
      showInAdvancedViewOnly: TRUE
      systemFlags: 25
      
  5. Update linkIDs for the back-link attributes when linkIDs for forward link attributes are modified. Some objects in Active Directory have back-link attributes, and other objects do not have back-link attributes, such as the CN=ms-DS-BridgeHead-Servers-Used object that is used in this example. You have to determine whether the object that is modified has a back-link attribute with another object. If the object has a back-link object, modify the back-link object too.

    Note If the linkID definition of the back-link object uses a hard-coded (numeric) ID, the definition should be modified to allow for the object identifier of the back-link object to be generated automatically. In this scenario, a back link for this forward link is created by setting the linkID for the back-link object to the ldapDisplayName of the forward-link object. The schema cache must be reloaded after the administrator creates the forward link and before the administrator creates the back link.
  6. Save and close the schema files that were updated.
  7. Rerun the Adprep/forestprep command from the folder where you made the schema file amendments.

Note You can apply the steps in this resolution for the intended schema update by using a /forestprep operation or for a third-party schema update.

MORE INFORMATION

If the domain controller functional level is DS_BEHAVIOR_WIN2003 or a higher level on Windows Server 2003 or a later version, it is no longer necessary to request a linkID value from Microsoft. A process exists to automatically generate a linkID value. The system automatically generates a linkID for a new linked attribute when the attribute’s linkID attribute is set to 1.2.840.113556.1.2.50.

For more information about how to obtain a linkID, visit the following Web site:
http://msdn.microsoft.com/en-us/library/bb891955(VS.85).aspx
For more information about the Auto-Generated linkID, visit the following Web site:
http://msdn.microsoft.com/en-us/library/cc223203(PROT.10).aspx
For more information about linkID, visit the following Web site:
http://msdn.microsoft.com/en-us/library/cc220062(PROT.10).aspx

Properties

Article ID: 969307 - Last Review: April 9, 2010 - Revision: 3.0
APPLIES TO
  • Microsoft Windows Server 2003 R2 Datacenter Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Datacenter x64 Edition
  • Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86)
  • Microsoft Windows Server 2003 R2 Enterprise x64 Edition
  • Microsoft Windows Server 2003 R2 Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003 R2 Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Datacenter x64 Edition
Keywords: 
kbexpertiseadvanced kbsurveynew kbtshoot KB969307

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com